Closed axscell closed 8 months ago
I have a problem with login page and it's not solved by this issue. I'm getting constantly error "1105 : Invalid credentials" and it doesn't let me to login!
Originally posted by @0xShervin in #277 (comment)
I mentioned this earlier and I think someone is sniffing my network and I can't access to it! Why SSL/TLS is not implemented by default and It's not completely encrypted?
Perhaps you should connect to a different network to perform your task to rule this out.
SSL is not enabled by default on a fresh CapRover install. If you are suspecting the symptoms of MITM attack on your network involving your device, such as a TLS downgrade attack or fake cert injection, etc, then there are steps you can take to mitigate these issues but remember, they are beyond the scope of this project.
I HIGHLY recommend you try connecting to another network to rule out a MITM attack if you are suspecting this. Note, this is also extremely unlikely.
If you connect to your server via SSH, you can still reset your password immediately even on a compromised network. Just don't log into the server until you are on a safe network that you can trust, also being mindful that your own computer is trustworthy.
Why SSL/TLS is not implemented by default and It's not completely encrypted?
because a large portion of CapRover installation is local and Let'sEncrypt cannot provide an SSL certificate for these.
I think someone is sniffing my network
If someone is constantly sniffing your network, you have bigger problems. But to answer your question, you can simply only allow your own IP to access the VPS and set up SSL and change password.
Originally posted by @0xShervin in https://github.com/caprover/caprover/issues/277#issuecomment-1908501899
I mentioned this earlier and I think someone is sniffing my network and I can't access to it! Why SSL/TLS is not implemented by default and It's not completely encrypted?